Mobile Ad Fraud Q&A with Adjust

Guest Blog: Well versed in large-scale data analysis, Andreas Naumann from Adjust brings more than nine years of experience working with advertisers in fraud prevention at multiple European leading ad networks including Zanox, Trademob and Glispa.

Headquartered in Berlin, Adjust is a mobile attribution and analytics company that provides app marketers with a comprehensive business intelligence platform.

Mobile ad fraud isn’t anything new to Adjust – we’ve been taking it on with one of the sharpest tools on the market (our Fraud Prevention Suite) with great success. However, one of the best ways to take on mobile fraud is to become as knowledgeable as possible – and with that, we’ve created answers to some of our most frequently asked questions, which could get you thinking about how deep fraud can be, and how it might be affecting your data, and your budgets. To find out more, read on.

What’s the difference between branding based ad fraud and performance based ad fraud? Essentially, they target different budgets. The ‘MO’ of the fraudster is very much the same, just targeted at a different outcome.

For fraud aimed at branding budgets, the goal is to make impressions appear as if they were viewed by a human on a specific website which fetches a high CPM price. Ad stacking, invisible ads and domain spoofing are all methods used to accomplish this (bot traffic too!).

In performance based fraud, the most successful fraud scheme (at least at the moment) is built on impressions and clicks that are made to seem like they come from reputable sources (and which are invisible, happening unbeknownst to the user). This fraud is not aimed at CPM or CPC, but at CPI. Here these impressions and clicks don’t poach CPM/CPC budgets; they are what tracking services eventually attribute installs to, and thus they poach CPI/CPA budgets.

Where does fraud come from? Mobile fraud comes in many different shapes and sizes:

Fake in-app purchases – an instance where an in-app purchase was made but no revenue was exchanged. This skews key marketing metrics, and makes it more difficult to attribute valuable users, and could lead people to invest in channels that provide no value.

Fraudulent datacenter traffic – in this case, fraudsters use illegitimate techniques to fake installs in an effort to claim advertising revenue.

Organics poaching – we go into this in much more detail below…

Overcounted incentivized traffic – this type of fraud is to do with users who repeatedly interact with incentivized campaigns to reap the benefits, even though they are the same user taking advantage of a system.

Poorly attributed traffic – caused by problems within attribution technologies, poorly attributed traffic is considered more of an annoyance than deliberate fraudulent activity.

What is organics poaching? Organics poaching, also known as click spamming, is when fraudsters take credit for organic activity – be it organic clicks, installs or post-install events. In general, there are two ways to perform click spamming.

The first is via mobile web, on undesirable content that people don’t want to advertise on. Take streaming, for example: say a user goes to watch a film on their iPad on an unlawful movie streaming website. In the background, the page begins to send clicks for hundreds of different offers while the film is playing. With the bandwidth that’s already being taken up by an HD video stream, no-one would notice an extra couple of thousand clicks. That website can also then cash in on the chance of a user buying something or installing an app after they’ve finished watching their film.

Another method of organics poaching is in-app. Basically, this is native click spam run through apps which either have many daily active users or are resident in memory (i.e. those that run all the time). The trick is to drop clicks on users without them knowing, and it works on the same premise of a user randomly downloading an app, or clicking.

What is click injection? It works like this: by publishing a low-effort Android app which uses something called “install broadcasts”, fraudsters can find out when other apps are installed on a device and then trigger clicks just before the install finishes. The fraudster will receive credit for (typically organic) installs as a consequence of the action.

The process is as follows: install broadcasts notify every app on an Android phone when a new one is installed. So, say a user already has a fraudulent app (usually some simple free program like a game or flashlight) installed on their phone. Whenever they install a new app, the fraudulent app is also notified of this happening. If the new app comes from a display ad, there’s a chance that the fraudulent app also participated in the campaign, having access to the tracking codes. With the codes, the bad app reports the click to ad networks – which is then attributed to the fraudulent developer.
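
One way a defender could look for the click-injection pattern described above, where the click arrives just before the install finishes (an added example, not Adjust's code or detection method). The record layout, source names, thresholds and function names are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed thresholds (not from the article); tune them against your own data.
MIN_PLAUSIBLE_SECONDS = 10   # click -> finished install faster than this is implausible
MAX_FAST_SHARE = 0.5         # flag a source when more than half its installs are that fast

# Constructed sample records: (source, device_id, click_time, install_finished_time)
SAMPLE_ATTRIBUTIONS = [
    ("network_a", "dev-01", "2024-01-05T10:00:00", "2024-01-05T10:02:30"),
    ("network_a", "dev-02", "2024-01-05T11:00:00", "2024-01-05T12:00:00"),
    ("network_a", "dev-03", "2024-01-05T12:00:00", "2024-01-05T12:00:04"),
    ("flashlight_pub", "dev-04", "2024-01-05T09:15:27", "2024-01-05T09:15:30"),
    ("flashlight_pub", "dev-05", "2024-01-05T09:40:08", "2024-01-05T09:40:10"),
    ("flashlight_pub", "dev-06", "2024-01-05T13:05:55", "2024-01-05T13:06:00"),
    ("flashlight_pub", "dev-07", "2024-01-05T14:00:00", "2024-01-05T14:01:35"),
    ("network_b", "dev-08", "2024-01-05T15:00:00", "2024-01-05T15:00:02"),
    ("network_b", "dev-09", "2024-01-05T16:00:00", "2024-01-05T16:00:03"),
]

def is_injection_candidate(click_ts, install_ts):
    """True when the click lands only moments before the install finishes."""
    delta = (datetime.fromisoformat(install_ts)
             - datetime.fromisoformat(click_ts)).total_seconds()
    # A click after the install (negative delta) cannot have caused it; that is
    # a different data problem, so it is not counted as an injection candidate.
    return 0 <= delta < MIN_PLAUSIBLE_SECONDS

def flag_sources(records, min_installs=3):
    """Return {source: share of too-fast installs} for sources above MAX_FAST_SHARE."""
    totals, fast = defaultdict(int), defaultdict(int)
    for source, _device, click_ts, install_ts in records:
        totals[source] += 1
        fast[source] += is_injection_candidate(click_ts, install_ts)
    # Ignore sources with too few installs to judge a share from.
    return {s: fast[s] / n for s, n in totals.items()
            if n >= min_installs and fast[s] / n > MAX_FAST_SHARE}

if __name__ == "__main__":
    for source, share in flag_sources(SAMPLE_ATTRIBUTIONS).items():
        print(f"{source}: {share:.0%} of installs finished within "
              f"{MIN_PLAUSIBLE_SECONDS}s of the click")
```

A single fast install is not proof of anything, which is why the check looks at the share per source rather than at individual records.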